Software firm is “aware of limited targeted attacks” exploiting a scripting issue vulnerability in Internet Explorer 9, 10, and 11 that previously has not been disclosed. A targeted attack is targeting a previously unknown vulnerability in Internet Explorer to corrupt memory and exploit victims’ Windows systems, Microsoft warned in an advisory published on January 17.
Concerns about an Iranian cyber response to the recent American military strike in Baghdad grew this week with the US Department of Homeland Security urging organizations to be on heightened alert for denial-of-service and other more destructive attacks. In an alert Monday, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warned US organizations about Iran’s
The Cybersecurity and Infrastructure Security Agency (CISA) publishes a draft document mandating a vulnerability disclosure policy and a strategy for handling reports of security weaknesses. The US government will require each civilian agency to create a public policy for software-vulnerability disclosure, as well as a strategy for handling any potential security weaknesses reported by researchers.
Rapid7 researchers found holes in CAN bus networks that an attacker could exploit to sabotage its operation. The US Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on newly found vulnerabilities in the controller area network (CAN) bus networks used on small aircraft that could be abused by an
The drones are reportedly built with parts that can compromise organizations’ data and share it on a server accessible to the Chinese government. The US Department of Homeland Security warns Chinese-made drones could be transmitting flight data to manufacturers and, in doing so, make it accessible to the Chinese government. Data security concerns aren’t new
Industry leaders debate how government and businesses can work together on key cybersecurity issues. If money were no object, and you didn’t have to worry about bureaucracy or politics, what would you have your organization do to make a difference in the public-private sector discourse on cybersecurity? How would you improve tactics and techniques? “The
All government domain owners are instructed to take immediate steps to strengthen the security of their DNS servers following a successful hacking campaign. On Jan. 22, US-CERT issued notice of a CISA Emergency Directive on DNS Infrastructure Tampering. The notice was the typically brief CERT notice, but it linked to an Emergency Directive at cyber.dhs.gov